Breached health insurer won't pay ransom to protect customers, warns of more attacks

Australian health insurer Medibank – which spent October discovering a security incident was worse than it first thought – has announced it will not pay a ransom to attackers that made off with personal info describing nearly ten million customers. "Based on the extensive advice we have received from cyber crime experts we …

  1. Anonymous Coward

    ...won't pay

    Why would they pay a ransom? You have absolutely no guarantee that the data hasn't and/or won't be passed on. It's not like criminals are people of honour, is it?

    1. CrazyOldCatMan Silver badge

      Re: ...won't pay

      > Why would they pay a ransom?

      As the Saxons discovered - paying the Danes to stay away just meant they came back next year wanting more money..

      (Ironically I'm listening to Scandi-Prog from Kaipa while typing this..)

  2. Anonymous Coward

    Good!

    We've got to make this kind of thing unprofitable, or it'll never go away. Paying them just proves it's worth their time.

    1. eldakka

      Re: Good!

      > We've got to make this kind of thing unprofitable, or it'll never go away. Paying them just proves it's worth their time.

      I think it should be turned around. Whatever the amount of the ransom demand is instead should be put up as a bounty on the heads of the hackers, dead* or alive.

      ----------------------------------------------------------------------------

      * figuratively. I'm pretty sure it'd be illegal to put that sort of reward up. But, rather, "information leading to the arrest and conviction of".

      1. Trigonoceps occipitalis

        Re: Good!

        And that is called paying the Dane-geld;

        But we've proved it again and again,

        That if once you have paid him the Dane-geld

        You never get rid of the Dane.

        Rudyard Kipling

        1. eldakka

          Re: Good!

          > And that is called paying the Dane-geld;

          err, no, no it's not.

          Paying the ransom would be paying the Dane-geld.

          That is not what I said. In fact that's the complete opposite of what I said.

          I was, and am, advocating taking that money and instead using it to fund hunting down and killing (if we are sticking with the Viking-age metaphor, not literally) those that are demanding a Dane-geld. Making it a deadly business to be in.

          1. Trigonoceps occipitalis

            Re: Good!

            "Paying them just proves it's worth their time"

            That's what I said.

      2. Brad Ackerman
        Black Helicopters

        Re: Good!

        It would generally be illegal for a private entity to put that sort of reward up, yes. But the government could do it. (Whether they should is more complicated even if we can all agree that they deserve it.)

        Indeed, the Australian government is currently providing lethal aid for Ukraine; doing in Russian ransomware operators is a third-level effect of doing in the Russian Armed Forces and not a direct goal, but it doesn't matter whether the cat is black or white so long as it catches mice.

    2. This post has been deleted by its author

  3. Anonymous Coward

    Not paying ransom is good

    Leaving customers high and dry, not so great.

  4. Anonymous Coward

    At least it was stolen by criminals ...

    ... the NHS just hand out our personal data willy-nilly!

    1. Woodnag

      NHS?

      Nearly. They have a deal with Palantir, who grabs it and then hands out our personal data willy-nilly.

      1. EnviableOne

        Re: NHS?

        Oh and EMIS health, now part of the United Health Group, has about 45% of NHS surgeries and 50% of community health notes...

  5. Anonymous Coward

    No need to worry about lawsuit from customers?

    1. Brad Ackerman
      FAIL

      The legal theory would presumably be that Medibank negligently allowed unauthorised persons access to information they were required to protect. Paying the perpetrators doesn't somehow retroactively render them authorised.
